Listen Now – Hear more about LeakSignal’s mission on the Kubernetes Podcast

Building Guardrails for Large Language Models: A Technical Deep Dive into I/O Engineering

May 21, 2024

As Large Language Models (LLMs), like ChatGPT, are increasingly integrated into various applications, the need for advanced safeguards is evident. Guardrails, which filter the inputs and outputs of LLMs, have emerged as a core technology to mitigate risks associated with these models. This post delves into the concept of I/O engineering for LLM guardrails and introduces how LeakSignal is pioneering this approach to maintain data security and governance policies.

Understanding I/O Engineering

I/O engineering is a concept focused on managing and safeguarding the inputs (I) and outputs (O) of large language models and other complex systems. This approach emphasizes the real-time classification and handling of data as it moves through different stages of processing. Unlike traditional security measures that focus on static data at rest, I/O engineering targets dynamic data in transit, providing a more comprehensive and immediate defense mechanism.

How I/O Engineering Works

The process of I/O engineering involves categorizing and matching patterns within data requests and responses to identify sensitive information and potential threats. These classifications, or signals, are used to monitor and control the flow of data. For example:


1. Request Classification: When a request is made to an LLM, it is analyzed for sensitive data patterns. This could include personal identifiers, credit card numbers, malformed data or other critical information.

2. Response Correlation: The system then examines the response generated by the LLM, correlating it with the initial request. If the response contains sensitive data, it can be correlated to identifiers within the request (e.g. auth token) to understand data access and protect the information.

3. Real-Time Protection: By continuously monitoring both requests and responses, I/O engineering enables immediate mitigation of risks. This can involve blocking certain data from being transmitted, alerting administrators, or applying rate limits to prevent data leakage.

Example of I/O Engineering with a LeakSignal Policy

LeakSignal employs a sophisticated policy framework to implement I/O engineering, ensuring comprehensive data security by managing inputs and outputs of large language models in real-time. This framework defines categories for various sensitive data types and applies match rules to identify and handle such data effectively. Categories include patterns for email addresses, credit card numbers, social security numbers, and more, specified using regexes, raw strings, or internal computations on the data.


Match rules are crucial in this framework, allowing for precise data filtering based on strings or patterns. They support various matching strategies, such as `raw` for exact matches, `regex` for pattern-based matches, and `internal` for complex, optimized matchers like credit card numbers or international phone numbers. These rules can be customized to accommodate different sensitivity levels and contextual requirements. For example, a policy might use a regex to identify social security numbers and a correlate rule to ensure the match is within a certain distance of relevant keywords.


By integrating these match rules, LeakSignal can enforce rate limits, manage service matching, and prevent unauthorized data access. This robust approach allows LeakSignal to operate seamlessly within cloud-native architectures, providing real-time classification and protection of sensitive data flows. This ensures that only authorized entities access critical information, maintaining data integrity and compliance with regulatory standards.


LeakSignal’s Approach: The First Open Platform to Support I/O Engineering

LeakSignal stands at the forefront of integrating I/O engineering into data security practices and cloud native technology, not just for LLMs but for any traffic. Here’s how LeakSignal sets itself apart:

1. Native Integration with Cloud Architectures: LeakSignal operates natively within cloud-native architectures, eliminating the need to retrofit existing tools. This allows for seamless observation and classification of data in real-time without disrupting existing workflows.

2. Real-Time Data Classification: By analyzing encrypted traffic at the service level, LeakSignal provides continuous visibility into sensitive data flows. This real-time classification is crucial for identifying and mitigating threats as they occur.

3. Comprehensive Threat Mitigation: LeakSignal’s approach not only detects but also proactively blocks unauthorized data access. By correlating data access patterns with authentication tokens, it ensures that only authorized entities interact with sensitive data.

 4. Enhanced Regulatory Compliance: With features like data labeling and tagging, LeakSignal helps organizations seamlessly maintain compliance with stringent data protection regulations. This is particularly beneficial for regulated industries where data sovereignty and cross-border data flow protection are critical.

5. Efficient Incident Response: In the event of a data breach, LeakSignal provides a complete audit trail of accessed data, enabling swift and accurate incident response. Furthermore, rules can be set to prevent egregious outflows of sensitive data.

alt="I/O engineering graphic for LLM data security">


As AI (and all workloads) continues to evolve, the importance of robust data security measures cannot be overstated. I/O engineering focuses on the real-time management of data inputs and outputs. LeakSignal is pioneering this approach, providing organizations with the tools they need to safeguard sensitive information effectively so that organizations can continue to innovate securely. By integrating seamlessly into modern architectures, LeakSignal ensures that data integrity and compliance are maintained, paving the way for a more secure digital future.